<6 

CD 

Or 

O 

% 


SECURITY  0.  COMPUTERIZED  INFORMATION  SYSTEMS 


Rein  Turn 
H.  E.  Petersen 


July  1970 


Best  Available  Copy 


u  .  •  .proved 
1  ::dM;  iSi 


P-4405 


■••WviW  pgB ■Bo.TO *jlftfcrT*ff*$?  ??  flE,^3BpRS<^I?ES*3B 


bbb«8m» 


-1- 


SECURITY  OF  COMPUTERIZED  INFORMATION  SYSTEMS* 

Rein  Turn 
H.  E.  Petersen 

The  RAND  Corporation,  Santa  Monica,  California 


h. 


- 1 - 

Any  views  expressed  in  this  Paper  are  those  of  the 
authors.  They  should  not  be  interpreted  as  reflecting  the 
views  of  The  RAND  Corporation  or  the  official  opinion  or 
policy  of  any  of  its  governmental  or  private  research 
sponsors.  Papers  are  reproduced  by  The  RAND  Corporation 
as  a  courtesy  to  members  of  its  staff. 

This  was  a  Paper  presented  at  the  1970  Carnahan 
Conference  on  Electronic  Crime  Countermeasures ,  Lexington , 
Kentucky,  April  16-18,  1970. 


SECURITY  OP  COMPUTERIZED  INFORMATION  SYSTEMS 


by 

Rein  Turn 
and 

Harold  E.  Petersen 

The  RAND  Corporation 
Santa  Monica*  Calif.  90406 

Abstract.  This  paper  addressee  the  vulnerabilities 
of  remotely  accessible  computerised  information 
systems  to  electronic  crime  —  penetration  of  the 
information  system  for  illicit  copying*  altering  or 
destruction  of  Selected  information.  A  condensed 
survey  of  the  probable  threats  and  applicable 
countermeasures  is  presented.  A  particular  empha¬ 
sis  is  placed  on  the  use  of  cryptographic  techniques 
for  protecting  information  in  the  eoonunlcation  lines 


and  in  computer  files. 

Introduction 

The  spectacular  advances  in  computer 
technology  in  the  last  decade  have  set  the 
stage  in  the  70' s  for  a  large  increase  of 
computerized  information  systems  in  all 
areas  of  endeavor:  government*  law  en¬ 
forcement,  business,  industry  and  banking. 
Already  over  50,000  computer  systems  are 
installed  in  the  United  States  and  by  1975 
this  number  is  expected  to  pass  the  150*000 
mark. 

Many  of  the  present  computerized 
information  systems  (and  a  much  larger 
percents ge  in  the  future)  operate  in  the 
an- line,  time -shared  manner  —  an  individ¬ 
ual  user  types  his  information  request  and 
receives  the  requested  data  on  a  terminal 
that  is  connected  to  the  central  data 
•irocessor  and  its  information  storage 
units  through  a  data  transmission  system. 
7ro  central  processor  cyclically  allocates 
slices  of  time  to  each  user,  thus  effec¬ 
tively  processing  all  information  requests 
simultaneously.  In  a  large  information 
system  hundreds  of  terminals  may  be  ser¬ 
viced  simultaneously  and  they  may  be  lo¬ 
cated  hundreds  of  miles  from  the  central 
facility. 

-  Representative  among  the  large  com¬ 
puterized  information  systems  are  banks 
with  terminals  located  at  the  branch  of¬ 
fices,  and  commercial  time-sharing  firms 
*_nat  install  terminals  on  the  premises 
t.-.oir  customers.  It  has  been  estimated 
that  presently  there  are  over  70,000 
terminals  connected  to  computers  and  thi:; 
.-lumber  may  reach  400,000  by  1973. 

The  categories  of  information  stored 
.t.  remotely  accessible  time-shored  com- 

•  ..tor  systems  range  from  personal  data  on 

•  ,  r.s  of  millions  of  individuals  to  propri¬ 
ety  industrial  data,  trade  secrets,  bank 

.r counts  nr.d  stock  market  transactions. 

the  hands  of  criminals  or  unscrupulous 
ousir.ess  competitors  almost  any  category 


of  this  information  could  be  turnad  into  a 
business  advantage  or  a  direct  payoff  in 
cash. 

Storage  of  information  in  eomputarised 
form  allows  rapid  retrieval  and  updating  of 
files  and  drastically  reduces  the  required 
storage  space.  However*  information  pre¬ 
viously  In  the  fora  of  printad  documents  in 
locked  file  cabinets  is  now  replaced  by 
magnetization  patterns  on  tapes  and  disks  — 
they  can  be  anonymously  read,  alterad  or 
erased  without  a  trace  of  evidence  that  this 
has  occurred.  Hence,  anyone  that  has  gained 
access  to  the  information  system  could,  in 
principle,  manipulate  any  information  in  the 
files  —  perhaps  plant  damaging  information 
on  a  competitor,  change  bnnk  accounts  or 
copy  trade  secrets. 

The  increasingly  large  numbers  of  on¬ 
line  information  systems  and  associated 
terminals  provide  increased  access  oppor¬ 
tunities  and  nay  make  penetration  of  these 
systems  appear  profitable  to  a  wider  class 
of  technically  sophisticated  but  larcenously 
inclined  individuals.  Indeed,  the  "elec-r  . 
tronically  perpetrated  crime"  appears  to  be 
characterized  hy  a  low  physical  risk,  small 
probability  of  detection,  anonymity,  lack  of 
evidence  and  a  lack  of  applicable  laws. 
Further,  the  level  of  expertise  previously 
required  for  successful  embezzlement  has 
been  reduced  by  simplification  of  business 
procedures  for  computerized  operation.  On 
the  other  side  of  the  ledger  we  find,  how¬ 
ever,  that  the  resources,  both  in  equipment 
and  know-how,  required  for  successful  pene¬ 
tration  are  considerably  higher  than  those 
necessary  for  conventional  burglaries  or 
holdups . 

The  question  of  providing  increased 
protection  to  data  files  in  remotely  access¬ 
ible  information  systems  has  recently  found 
considerable  attention  in  the  computer  and 
industrial  security  fields  (1,2, 3, 4, 5). 

This  paper  presents  a  condensed  survey  of 
more  likely  threats  and  discusses  several 


3- 


S 


:*b£  -■ 

■Vc. 


P 

t 

j; 

t. 


classen  of  countermeasures.  A  particular 
emphasis  is  placed  on  the  use  of  crypto¬ 
graphic  techniques  for  protecting  informa¬ 
tion  in  communication  lines  and  computes 
files. 

Threats  to  Data  Security 

The  operation  of  an  on-line  time- 
shared  information  system  is  controlled  by 
a  set  of  master  programs  —  the  operating 
s vs tea.  The  basic  tasks  of  the  operating 
system  are  to: 

1.  Receive  access  requests  from 
-.terminals  and  verify  that  the 
user  is  authorized  for  access  — 
possesses  a  valid  account  number 
and/or  password. 

3.  Control  all  communications  with 
the  terminals . 

3.  Schedule  time  slices  to  user  pro¬ 
grams  or  information  r»,ques*». 

4.  Provide  protections  to  xuu.a’ 
programs  and  data  (and  to  -ha 
operating  system  itself*  c gainst 
Inadvertent  destruction  by  other 
users. 

These  functions  of  the  operating  system  are 
the  "bare  bones"  protective  shield  that 
must  be  provided  in  any  time-shared  system. 
The  protection  can  be  augmented  by  estab¬ 
lishing  additional  access  controls  at  cer¬ 
tain  data  files  (e.g. ,  the  oampany  payroll) 
and  imposing  operating  restrictions  against 
certain  set  of  users  (e.g.,  allowing  read¬ 
ing  but  not  altering  data  in  certain  files) . 
Each  ir crease  in  the  protective  features  of 
ths  operating  system  is  accompanied  by  a 
decrease  in  the  efficiency  of  the  informa¬ 
tion  system  as  mors  and  more  computer  time 
is  diverted  to  theae  nonproductive  tasks. 

A  successful  penetration  of  an  infor¬ 
mation  system  depends  on  the  ability  of  the 
penetrator  to  cope  with  the  existing  access 
controls  and  protective  measures  —  he  must 
gain  physical  access  to  a  terminal  or  com¬ 
munication  line  of  the  system  and  then 
defeat  the  operating  system.  Several  prob¬ 
able  penetration  tactics  are  enumerated 
below. 

Deception 

A  user  who  is  normally  allowed  tc  use 
the  information  system  may  have  learned 
the  account  number  or  passwords  that  permit 
access  to  restricted  files.  He  can  now 
masquerade  as  an  authorised  user  and  see 
ell  files  or  perform  all  operations  that 
were  authorized  for  the  latter. 

Deception  may  also  be  attempted  from 
outside  of  the  system  by  connecting  a  com¬ 
patible  privately  owned  terminal  into  the 
system.  If  terminals  are  normally  con¬ 
nected  by  dialing  a  telephone  number,  the 
illicit  terminal  cbuld  be  connected  in  the 
^ame  manner.  If  private  Unas  are  employed 


it  may  be  possible  to.  physically  tap  the 
terminal  into  one  of  the  lines.  The  neces¬ 
sary  account  numbers  and  passwords  could  be 
obtained  from  discarded  printouts,  by  theft, 
wire  tapping  or  bribery. 

Wire  Tapping 

Passive  eavesdropping  by  wire  tapping 
is  a  low  cost  approach  to  copying  all  in¬ 
formation  communicated  over  the  line.  It 
is  necessary  to  gain  physical  access  to  the 
communication  lines  and  sort  out  the  correct 
wires.  A  pickup  device,  tape  recorder  and 
a  terminal  (or  equipment  that  can  emulate 
the  terminal;  are  required  for  recording  and 
uncovering  the  information.  Hire  tapping 
must  be  considered  as  a  very  probable  start¬ 
ing  point  for  any  determined  external  attack 
against  the  system. 

Circumvention 

Circumvention  of  the  normal  protective 
features  may  be  possible  through  existing 
imperfections  or  oversights  in  the  operating 
system,  A  penetrator  could  discover  these 
by  detailed  studies  of  the  operating  system 
programs  or  experimentally.  However,  an 
experimental  search  for  weaknesses  in  an 
operating  system  requires  access  to  the 
system  for  prolonged  periods  of  time,  and  the 
persistent  rejection  of  the  penetrator  a 
access  attempts  are .  likely  to  alarm  the 
system  management.  If  a  circumvention 
scheme  is  discovered  the  payoff  is  great  — 
information  can  be  copied,  altered  and 
destroyed  with  impunity. 

Tampering 

Deliberate  insertion  of  circumvention 
schemes  in  the  operating  system  implies  the 
cooperation  of  persons  who  gain  normal 
access  to  the  operating  aystes.  and  to  the 
computer  hardware  —  systems  programmers 
and  maintenance  engineers.  If  appropriate 
controls  are  in  force  a  conspiracy  may  be 
difficult  to  establish  and  a  lone  wolf 
approach  ineffective. 

Physical  Penetration 

Physical  penetration  of  the  computer 
facility  by  an  outsider  for  the  purposes 
of  stealing  access  information  or  selected 
information  files  is  so  what  outside  the 
category  of  electronic  crime  although  it 
may  directly  achieve  objectives  that  may  be 
exceedingly  costly  or  time  consuming  by 
electronic  meant. 

A  different  threat  to  information 
systems  arises  from  persons  whose  objectives 
on  breaking  and  entering  are  to  cause  dis¬ 
ruption  and  destruction,  witness  the 
recent  damage  to  computers  st  the  Stanford 
Research  Institute  and  at  the  williams 
University  in  Montreal.  Many  of  these  in¬ 
dividuals  are  fanatics  not  deterred  by 
physical  risk,  detection  or  apprehension. 


r 

i 


4 


Case  Histories 

To  date  the  published  accounts  of 
electronic  crime  against  information  sya- 
tens  deal  exclusively  with  tampering  of  the 
operating  system  or  application  programs 
by  programmers  themselves  for  financial 
gain.  There  was  a  programmer  in  Minnea¬ 
polis  whose  checking  account  overdrafts 
were  ignored  by  the  computer  and  a  con¬ 
spiracy  at  a  'Jew  York  stock  brokerage  !lm 
who  mailed  checks  to  their  homes  under  t.c- 
titous  names  {6) .  It  is  interesting  to 
note  that  a  claim  of  ‘computer  error"  was 

used  by  the  embezzlers  whenever  their _ 

activities  caused  suspicion.  The  manage¬ 
ment  readily  accepted  this  explanation! 

No  penetrations  of  information  systems 
from  remote  locations  have  been  reported 
but  it  is  known  that  tapping  of  data  lines 
has  been  attempted  (5)  . 

Countermeasures 

The  normal  protective  features  of  a 
remotely  accessible  information  system  are 
not  designed  to  resist  sophisticated  pene¬ 
tration  attempts.  For  increased  security 
they  ..ust  be  augmented  by  additional  pro¬ 
grammed  procedures  or  electronic  devices. 
The  objective  is  not  absolute  security  — 
this  can  never  be  achieved,  but  rather  an 
increase  of  tbu  cost  of  penetration,  the 
"work  factor",  to  a  level  where  the  ex¬ 
pected  payoff  becomes  relatively  small. 

At  the  same  time ,  a  balance  must  be  main¬ 
tained  between  the  cost  of  co tin ueroaasurss 
and  the  value  of  the  protected  information. 

Improved  Operating  System 

The  key  to  successful  application  cf 
any  programmed  protection  procedure  is  the 
integrity  of  the  operating  system.  It  must 
be  designed  to  be  free  of  any  vulnerabili¬ 
ties  and  imperfections  —  every  sequence 
of  input  statements  by  the  user,  however 
illogical,  must  be  properly  handled.  The 
design  of  such  a  system  requires  a  high 
degree  of  programming  competence  (8,4},  a 
thorough  initial  checkout  and  periodic 
tests  to  verify  its  integrity. 

Beal-Time  Monitoring 

A  capability  to  continuously  monitor 
the  system  activity  —  access  requests  by 
users,  granting  or  refusing  of  access, 
status  of  the  lists  of  current  users  and 
terminals  --  provides  a  further  increase 
in  the  system's  security.  Attempts  at 
deception  can  be  detected  when  two  users 
claim  the  same  identity  or  when  two  iden¬ 
tically  labeled  terminals  are  connected. 
Unusual  activity  in  a  file  or  abnormally 
large  numbers  of  access  rejections  may 
indicate  attempts  to  penetrate  the  system. 

?ne  cost  of  real-time  monitoring 
arises  essentially  in  the  storage  space 
required  fur  maintaining  the  logs  and  in 
the  computer  time  for  their  updating.  In 
large  systems  the  cost  may  become  suffi¬ 
ciently  high  to  restrict  monitoring  only 
to  selected  sets  of  users  and  files. 


Positive  Identification 

The  normal  access  control  procedures 
identify  a  user  by  his  account  number  and 
may  require  additional  passwords  to  authen¬ 
ticate  his  identity  or  gain  access  to  re¬ 
stricted  file*.  Ir,  principle,  the  protec¬ 
tion  afforded  by  the  password  approach  may 
be  increased  to  any  lave!  by  requiring 
longer  sequences  of  passwords.  Protection 
against  wire  tapping  is  on earned  by  use  of 
"onetime"  passwords  that  are  discarded  after 
a  single  use. 

_ A  high  degree  of  csnfidsjiha  an  idanti- — 

fication  of  an  individual  can  )>e  obtained 
by  uelng  fingerprints,  signatures  or  voice 
characteristics  as  passwords  (10,  11,12,13). 
These  techniques  require  installation  of 
appropriate  sensors,  maintenance  of  a  li¬ 
brary  of  measurement*  that  characterise  the 
particular  identifying  feature  for  a  set  of 
known  individuals,  and  a  processor  for  com¬ 
parison  of  the  given  sample  against  the 
master  file. 

A  natural  implementation  of  the  finger¬ 
print,  signature  or  voice  print  identifica¬ 
tion  devices  to  controlling  access  to 
information  systems  locates  the  sensors  at 
terminals  end  performs  the  processing  in 
the  central  computer.  Note,  however,  that 
once  again  a  threat  arises  from  wire 
tapping  —  the  scan  patterns  from  the 
sensor  can  be  recorded  and  played  back  into 
the  systam  during  penetration.  The  cost 
depends  on  the  complexity  of  the  sensors 
and  the  amount  of  required  processing. 

Protected  Communication  Lines 

Telephone  lines ‘Connecting  a  terminal 
and  the  central  computer  are  extremely 
vulnerable  to  wire  tapping.  By  this  means 
all  communications  on  the  lice,  including 
the  passwords,  can  be  recorded  at  a  minimal 
cost  and  low  risk.  It  is  clear  that  a  pre¬ 
requisite  for  a  high  level  of  security  is 
either  an  adequate  physical  protection  of 
the  coastuni cation  lines  or  concealment  of 
the  transmitted  information  by  crypto¬ 
graphic  techniques. 

Placing  of  wire  teps  on  telephone 
lines,  terminal  boards  in  manholes  or 
directly  inside  a  telephone  or  data  modem 
has  become  a  sophisticated  art  (1<) . 

Detection  of  a  tap  on  the  external  wires 
is  extremely  difficult  by  other  than  visual 
inspection. 

The  only  effective  protection  against 
the  placement  of  wire  taps  is  to  prevent 
access  to  the  communication  lines  by  using 
buried  and  armored  cables,  locked  ar.d 
alarmed  terminal  boards  and  manhole  covers, 
and  physical  protection  of  the  terminal 
facilities  at  the  remote  locations  and  it 
the  central  computer. 

The  concealment  of  information  by 
cryptographic  techniques  is  based  on  using 
3  “key"  --  a  particular  sequence  of  opera¬ 
tions  cn  the  message  —  to  systematically 
transform  the  message  at  the  transmitting 


-5- 


tcrminal  into  an  unintelligible  and  appar¬ 
ently  random  sequence  of  characters.  The 
original  information  is  recovered  at  the 
receiving  terminal  by  applying  the  same  key 
in  an  inverse  order.  A  properly  designed 
cryptographic  transformation  provides  a  high 
level  of  protection  by  making  the  detection 
of  the  key  by  analysis  of  the  intercepted 
messages  an  extremely  difficult  task.  The 
keys  themselves  must  receive  the  highest 
level  of  protection  and  by  handled  only  by 
the  most  trustworthy  employees  of  the  infor¬ 
mation  system. 

Historically,  the  cryptographic  equip¬ 
ment  for  communication  lines  has  been  very 
expensive  and  essentially  inaccessible  to 
commercial  users.  Only  recently  have  a  few 
preliminary  models  of  data  privacy  devices, 
as  they  are  called,  become  available  for 
private  business. 

The  use  of  cryptographic  transfonsations 
for  protecting  computer  data  is  discussed  in 
more  detail  in  a  subsequent  section  of  this 
paper . 

Physical  Protection  of  Premises 

A  large  selection  of  electronic  intru¬ 
sion  detection  devices  and  associated  alarms 
are  available  for  designing  physical  protec¬ 
tion  systems  for  terminal  and  central  com¬ 
puter  facilities  (15) .  Among  the  major 
categories  of  these  devices  are  the  follow¬ 
ings 

1.  Electrical  burglar  alarms  to 
detect  Opening  of  doors  and  windows. 

2.  Electromagnetic,  optical  or  acous¬ 
tical  barriers  for  protecting  an 
area.  An  intruder  is  detected 
when  he  approaches  or  crosses  the 
barrier. 

3.  Electronic  motion  detectors  regis¬ 
ter  even  the  slowest  motions. 

4.  Vibration  detectors  can  be  used  to 
protect  specific  objects. 

The  output  signals  from  anti-intrusion 
devices  are  normally  connected  to  local 
alarms  and  also  used  to  activate  automatic 
telephone  dialing  equipment  to  notify 
appropriate  security  forces. 

Cryptographic  Countermeasures 

Traditionally  the  applications  cf 
cryptography  for  concealment  of  information 
and  the  solution  of  resulting  cryptograms 
(16)  have  been  treated  in  open  literature 
as  a  form  of  entertainment  similar  to  cross¬ 
word  puzzles  or  anagrams.  Except  for 
Shannon's  early  work  (7)  the  application 
of  cryptography  to  the  protection  of  commer¬ 
cial  data  has  found  wider  attention  only  in 
the  recent  few  years  (1,17,18,19). 

Trans  formations 

Two  basic  classes  of  cryptographic  transfor¬ 
mations  have  been  used  since  ancient  times: 


1.  Substitution  of  the  characters  a.-. 
the  message  with  other  characters 
or  groups  of  characters.  The  re¬ 
placement  characters  may  come  fron 
an  alphabet  different  from  that  used 
for  the  message. 

2.  Transposition  of  the  sequencing  of 
the  characters  in  the  message. 

The  set  of  parameters  or  rules  that  spec¬ 
ify  a  particular  substitution  or  transposi¬ 
tion  scheme  is  the  key  of  the  cryptographic 
transformation.  The  aet  of  all  possible  keys 
is  the  key  space.  Even  for  very  simple 
transformations  the  key  space  may  be  very 
large.  For  example,  there  are  1026  possible 
one-to-one  substitutions  of  the  26  characters 
of  the  English  alphabet. 

The  substitution  transformations  may  be 
increased  In  complexity  by  cyclically  apply¬ 
ing  N  different  substitutions  —  a  polyalpha- 
betic  substitution  is  used.  The  length  of 
the  key  is  now  increased  by  N  and  the  size  of 
the  key  space  by  Nt  (the  number  of  permuta¬ 
tions  of  the  N  sets  of  subtitution  rules) . 

The  key  space  of  the  transposition  trans¬ 
formations  depends  on  the  length  of  the  group 
of  characters  that  is  being  permuted.  For  a 
group  of  length  M  there  are  Hi  possible  trans¬ 
positions.  Practical  aspects  of  implementing 
substitution  and  transposition  transformations 
in  a  digital  computer  are  discussed  in 
Reference  19 .  , 

The  best  protection  is  obtained  by  making 
the  keys  very  long  and  correspondingly,  the 
key  spaces  very  large.  In  fact.  Shannon  (7) 
has  proven  that  the  necessary  and  sufficient 
condition  for  a  cryptographic  transformation 
to  be  perfect  (totally  unbreakable)  is  that 
the  key  is  random,  the  same  length  as  the 
message,  and  used  only  once.  A  perfect 
cryptographic  system  is  known  as  the  Vernam 
system. 

Although  implementation  of  the  Vernam 
system  is  not  practical  in  commercial  infor¬ 
mation  systems,  it  is  still  possible  to 
generate  keys  with  very  long  periods  by  uti¬ 
lizing  feedback  shift-register  circuits  (20) . 
It  should  be  pointed  out,  however,  that  very 
large  key  spaces,  for  example  the  1026  possi¬ 
ble  monoalphabetic  substitutions  mentioned 
above,  do  not  necessarily  imply  large  amounts 
of  security.  Indeed,  Shannon  (7)  has  shown 
that  less  than  100  properly  chosen  tests  may 
be  sufficient  to  determine  the  key  in  this 
case. 

It  is  clear  that  unless  the  Vernam 
system  is  implemented,  a  large  key  space  is 
only  a  necessary  but  by  no  means  a  sufficient 
prerequisite  for  obtaining  increased  security 
through  cryptographic  techniques. 

Basic  Elements 

Essential  in  any  application  of  crypto¬ 
graphic  techniques  to  information  in  computer 
files  or  data  communication  links  are  the 
following : 


-6- 


1.  A  hardware  device  or  a  set  of  com¬ 
puter  programs  for  automatic  en¬ 
crypting  of  the  data  at  the  trans¬ 
mitting  terminal  or  when  storing 
in  the  files. 

2.  A  similar  device  or  program."  for 
performing  the  decryption  opera¬ 
tion  at  the  receiving  terminal  or 
upon  reading  the  data  from  th« 
files . 

3.  A  mechanism  for  inserting  the  key 
into  the  device  or  the  programs. 

It  is  prudent  to  assume  that  neither 
the  selected  cryptographic  system  nor  the 
construction  details  of  the  hardware  or  * 
programs  can  be  kept  secret  indefinitely. 

The  entire  burden  of  providing  security 
rests,  therefore,  on  the  keys  —  the  pene- 
trator  who  intercepts  an  encrypted  message 
must  not  know  which  of  the  thousands  of 
equally  probable  keys  was  used.  Thus,  it 
is  imperative  to  provide  the  keys  with  the 
highest  attainable  protection.  Further, 
they  should  be  changed  as  frequently  as 
operationally  feasible  and  every  communi¬ 
cation  link  and  file  should  use  a  different 
key. 

Vulnerabilities 

intercepted  encrypted  messages  are  not 
solved  by  trying  all  possible  keys.  Instead, 
the  solution  is  attempted  and  often  obtained 
with  amazingly  little  effort  by  utilizing 
the  following  known  or  postulated  character¬ 
istics  of  the  message  language: 

1.  Average  frequencies  of  occurences 
of  single  characters  or  pairs  of 
characters'  (digrams) . 

2.  The  size  of  the  vocabulary  and 
the  frequencies  of  occurrences 
of  words  —  the  "probable  word" 
approach . 

3.  Redundancy  in  the  words  —  the 
number  of  characters  that  may  be 
deleted  from  a  word  and  still 
allow  its  unique  determination. 

•; .  The  grammatical  structure . 

If  a  sufficient  amount  of  encrypted 
message  is  intercepted  then  the  results  of 
these  analyses  on  parts  of  the  message  can 
be  used  to  form  hypotheses  concerning  the 
key  and  tested  on  other  parts  of  the  message. 
If  partial  clear  text  emerges  the  hypotheses 
arc  modified  and  tested  until  the  key  is 
determined. 

Historically,  all  but  a  very  few  non¬ 
perfect  cryptographic  systems  have  eventu¬ 
ally  been  "broken."  The  principal  factors 
that  contributed  to  their  weaknesses  were 
use  of  keys  with  short  periods,  use  of 
highly  formatted  messages  with  limited 
vocabularies  (as  in  military  communications) , 
and  encrypting  many  messages  with  the  same 
key. 


Although  the  wouldbe  penetrators  of  an 
information  system  are  not  expected  to  have 
infinite  resources  and  time  available  for 
breaking  of  keys,  it  is  still  necessary  to 
analyze  the  computer  languages  used  in  the 
system  and  the  data  in  the  files  to  determine 
whether  their  characteristics  may  seriously 
increase  the  vulnerability  of  the  crypto¬ 
graphic  system  under  consideration. 

Properties  of  Computer  Languages 

Computer  languages  are  designed  for 
certain  specific  purposes  such  as  writing 
computer  programs  or  quering  computerized 
information  files.  Unlike  the  natural  lan¬ 
guages,  they  are  designed  to  be  precise  and 
logical.  They  are  characterized  by  the 
following: 

1.  Limited  vocabulary  —  a  relatively 
small  number  of  words  or  sentences 
are  used. 

2.  Rigid  format  and  grammatical  struc¬ 
ture  —  spelling  and  rules  for 
constructing  sentences  must  bs 
followed  to  the  last  detsil. 

3.  Predictable  statistics  —  in  order 
to  accomodate  the  users,  the  vocab¬ 
ulary  and  sentence  structure  is 
usually  designed  to  closely  resemble 
the  naturel  language.  Hence  the 
character  frequencies  may  approxi¬ 
mate  those  of  the  natural  language. 

4.  Enriched  character  set  —  computer 
languages  generally  employ  e  large 
set  of  special  characters  end 
symbols.  They  ere  often  used  in  a 
predictable  manner  (e.g.,  every 
query  statement  may  have  to  be 
terminated  by  e  dollar  sign) . 

All  of  the  enumerated  charaterietics 
appear  to  make  solution  of  the  key  easier  by 
reducing  the  uncertainty  regarding  character 
or  word  usage. 

In  addition  to  statements  in  computer 
language,  the  encrypted  messages  will  also 
contain  large  amounts  of  data  from  the  com¬ 
puter  files.  Depending  on  the  particular 
application  area  these  data  may  consist 
largely  of  numbers,  names,  addresses  and 
various  sets  of  abbreviations.  These  can  be 
expected  to  exhibit  markedly  different 
statistical  features  —  all  possible  N-digit 
numbers  may  be  equally  likely,  names  are  not 
constrained  to  be  words  of  the  natural 
language,  and  all  possible  combinations  of 
letters  may  be  used  as  abbreviations  or  codes. 
The  reduction  of  key  uncertainty  using  statis¬ 
tical  tests  is  now  much  more  difficult. 

Computer  programs,  however,  can  be 
expected  to  exhibit  statistical  properties 
somewhere  between  these  of  the  highly  struc¬ 
tured  query  languages  and  the  numerical  data 
—  certain  fixed  statements  must  be  used  but 
the  programmer  is  also  free  to  invent  his 
own  names  for  variables  and  use  numerical 
values  for  constants.  To  illustrate  this. 


figure  1  displays  a  plot  of  the  relative 
frequencies  of  character  usage  as  found  in 
the  English  language  and  in  a  typical  com¬ 
puter  program  written  in  FORTRAN.  Note  the 
high  usage  of  special  characters  (commas, 
pirenthese,  and  the  equal  sign)  in  FORTRAN 
and  the  generally  flatter  shape  of  the  usage 
curve. 


FORTRAN  I,  ()OLFADTNBjl-SlRM4FX.GC2XV3iSiB 


Figure  1  Letter  Usage  in  English  Text  and 
in  a  FORTRAN  Computer  Program 

work  Factor 

It  was  suggested  previously  that  the 
cost  of  breaking  a  key  could  he  estimated 
in  terms  of  a  work  factor  for  this  task. 

This  could  then  Le'  used  as  ralativa  measure 
of  security  of  the  cryptographic  systems 
that  are  being  considered. 

Breaking  of  the  key  of  an  intercepted 
encrypted  message  is  largely  a  problem  of 
mathematics  and  logic.  In  general  it  is 
possible  to  derive  mathematical  equations 
and  formulate  statistical  procedures  that 
can  be  iteratively  applied  to  evaluate 
hypotheses  concerning  the  unknown  key.  If 
tnese  procedures  can  be  converted  into  com¬ 
puter  programs,  the  work  factor  can  bo 
estimated  in  terms  of  the  average  number  of 
arithmetic  operations  required  to  obtain 
the  solution. 

A  dollar  value  of  the  work  factor  can 
now  be  estimated  for  a  particular  computer 
that  is  expected  to  represent  the  resources 
of  the  penetrator  by  determining  the  cost 
of  computer  time  required  to  perform  the 
necessary  arithmetic  operations. 

The  estimated  work  factor  represents 
tr.e  cost  of  breaking  one  key.  Its  adequacy 
as  a  deterrent  depends  on  the  amount  of 
information  and  the  degree  of  penetration 
that  could  be  attsinso  on  this  basis.  If 
the  system  uses  many  keys  end  they  are  fre¬ 
quently  changed  then  even  a  work  factor  of 
just  a  few  hours  per  key  may  be  more  than 
the  penetrator' s  resources  could  handle. 

Practical  Aspects 

There  are  a  number  of  practical  problems 
associated  with  the  implementation  of  crypto¬ 
graphic  transformations  in  a  real-time  com¬ 
munication  network: 


1.  Synchronisation.  In  all  but  the 
simplest  monoalpnabttic  substitution 
it  is  necessary  to  maintain  the 
encryption  and  decryption  devices 

at  both  ends  of  the  communication 
link  in  synchronism. 

2.  Reserved  codes.  A  communication 
system  usually  employs  a  set  of  code 
words  used  for  the  control  of  tne 
network.  Inadvertent  generation  of 
these  codas  by  the  encryption  pro¬ 
cess  may  interfere  with  the  normal 
operation  of  the  network.  Special 
circuitry  may  he  needed  for  their 
detection  and  handling. 

The  lack  01  computing  capability  at  the 
remote  terminals  suggests  use  of  electronic 
hardware  rather  than  programmed  procedures 
for  key  generation  and  application.  Circuits 
based  on  the  feedback  shift-register  action 
appear  especially  suitable  (20)  and  can 
be  miniaturized  by  using  the  integrated 
circuit  technology.  For  example,  it  is 
possible  to  package  a  23-stags  shift-register 
and  associated  circuits  in  a  space  less  than 
one  cubic  inch  in  volume.  This  generator  can 
produce  a  key  sequence  of  more  than  one 
million  character*  and  has  a  key  space  of 
356,000  different  keys.  Modern  computing 
technology  aey  permit  even  more  complex  pro¬ 
cedures  at  modest  cost  (19) . 

Concluding  Remark* 

The  threat  to  computerized  information 
systems  by  electronic  means  —  the  electronic 
crime  —  is  be coming  e  reality.  The  neces¬ 
sary  technology  exists,  risk  is  low  and  pay¬ 
off  may  be  greet.  Unlike  in  other  forms  of 
crime,  however,  the  technology  used  for  peoe- 
tration  can  be  applied  even  more  effectively 
to  provide  protection. 

The  cost  of  protective  devices  and  tech¬ 
niques  is  greatly  reduced  if  they  are  includ¬ 
ed  in  the  terminals  and  communication  links 
in  the  design  phaee  and  not  as  a  retrofit. 

We  feel  that  is  a  high  time  for  the  elec¬ 
tronic  crime  measures  researchers  and  indus¬ 
try  to  turn  their  attention  to  providing 
effective  low  cost  devices  to  counter  the 
emerging  threat  of  electronic  crime  now  while 
it  still  is  in  its  infancy. 

References 

1.  Petersen,  H.  E.  and  Rein  Turn,  "Systems 
Implications  of  Information  Privacy," 
AFIPS  Conference  Proceedings  Vol.  30, 

1967  Spring  Joint  Computer  Conference, 
Thompson  Book  Co.,  New  York,  1967,  pp. 
291-300. 

2.  Hoffman.  L.  J.,  "Computers  and  Privacy: 

A  Survey,"  Computing  Surveys,  Vol.  1, 

No.  2,  June  1969,  pp.  86-103. 

3.  "The  Considerations  of  Data  Security  in 
a  Computer  Environment,"  International 
Business  Machines  Corporation,  New  York, 
New  York,  1969. 


-8- 


>i .  "Problems  anci  Potential  Solution  in 

Oonputor  Control,*  Industrial  Security, 
Vol.  13,  No.  2,  April  19  69  , 

i.  “Computer  Security,"  Indtucrial  Security, 
Vol.  13,  Mo.  6,  December  19  61. 

6.  "Crooked  Operators  Use  Computers  to 

— i le  Money  frnn  Companies  ,  The  Alii 
Street  Journal,  April  5,  1968. 

7.  Shannon,  C.  E. ,  “Communications  Theory 

_  of  Secrecy  Systems,"  Bell  Systea  Tech¬ 
nical  Journal,  Vol.  28,  Cctooar  1989, 
pp.  656-715 . 

8.  Peters,  Bernard,  "Security  Consideration* 
in  a  Multi-Programmed  Computer  System,* 
AFIPS  Conference  Proceedings,  Vol.  30, 
1967  spring  Joint  lomputer  Conference, 
Thompson  Book  Co.,  Mew  York,  1967,  pp. 
283-286. 

9.  Weissman.  Clark,  ‘Security  Controls  in 
the  ADEPT- 50  Time-Sharing  System," 

APIPS  Conference  Proceedings,  Volume  35, 
1969  Pail  ..oint  Computer  Conference, 

The  AFIPS  Press,  Mont  vale.  Hew  Jersey, 
1969,  pp.  119-133. 

10.  Busch,  C.  E. ,  ‘Applications  of  Electro- 
Optical  Fingerprint  Correlators," 
Proceedings,  1969  Carnahan  Conference 
on  Electronic  Crime  Countermeasures, 
university  of  Kentucky,  Lexington,  Ky., 
pp.  90-97. 

11.  Dyche,  J.  W. ,  "Positive  Personnel 
Authentication  by  Handwsitein, "  proceed¬ 
ings,  1969  Carnahan  Conference  on 
Electronic  Crime  Countermeasures, 
University  of  Kentucky,  Lexington,  Ky., 
pp.  114-126. 


12.  Kersta,  L.  G.,  "Voice  Pattern  Identic 
tication  of  Speakers,"  Proceedings, 

1969  Carnahan  Conference  on  Electronic 
Crime  Countermeasures ,  University  of 
Kentucky,  Lexington,  Ky.,  pp.  127-136. 

13.  Luck,  J.  E.,  "Description  of  a  :<cai 
Time  Completely  Automatic  Speaker 
Verification  System,"  Proceedings,  1569 
Carnahan  Conference  on  Electronic  crir.e 
Countermeasures ,  University  of  Kentucky, 
Lexington,  Ky.,  pp.  98-113. 

14 .  Purg sieve,  S.  a.,  "The  Eavesdroppers: 
'Fallout'  from  RAD, "  Electronic  Design, 
Vol.  14,  No.  IS,  June  21,  1966,  pp. 
35-43. 

15.  Cantor,  Lon,  "Electronic  Intrusion 
Alarms,"  Electronics  World,  Vol.  80, 

Mo.  3,  September  1968,  pp.  44-46. 

16.  Gaii.es,  H.  F. ,  "Cryptanalysis,"  Dover 
Publications  Inc.,  New  York,  1956. 

17.  Van  Tassel,  Dannie,  ‘Cryptographic 
Techniques  for  Computers,"  AFIPS  Pro¬ 
ceedings,  Vol.  34,  1969  Spring  Joint 
Computer  Conference,  The  AFIPS  press, 
Montvale,  New  Jersey,  1969,  pp.  367-372. 

18.  Kahn,  David,  "The  Code  Breakers,"  The 
McMillan  Company,  New  York,  1967. 

19.  Skatrud,  R.  O.,  "A  Consideration  of  the 
Application  of  Cryptographic  Techniques 
to  Dete  processing , "  AFIPS  conference 
Proceedings,  Vol.  35,  1969  Fall  Joint 
Computer  Conference,  The  AFIPS  Press, 
Montvale,  New  Jersey,  1969,  pp.  111-117. 

20.  Reed,  I.  S.  and  Rein  Turn,  "A  General- 
iiation  of  Shift-Register  Sequence 
Generators,  "Journal  of  the  ACM,  vol. 

16,  No.  3,  July  1969,  pp.  461-473. 


